CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

Published: Feb 11, 2021
Updated: Nov 8, 2023
CVE: CVE-2021-22881
GHSA: GHSA-8877-prq4-9xfw
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
rubyonrails / rails	6.1.0	6.1.2.1
rubyonrails / rails	6.0.0	6.0.3.5
fedoraproject / fedora	33	33.x
actionpack	6.0.0	6.0.3.5
actionpack	6.1.0	6.1.2.1

http://www.openwall.com/lists/oss-security/2021/05/05/2
http://www.openwall.com/lists/oss-security/2021/08/20/1
http://www.openwall.com/lists/oss-security/2021/12/14/5
https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/
https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
https://hackerone.com/reports/1047447
https://lists.fedoraproject.org/archives/list/[email protected]/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
https://rubygems.org/gems/actionpack

Vulnerability Database

289,697

CVE-2021-22881